On 4/29/13 5:40 AM, Ian Eiloart wrote: > Also, what kind of secure list would have automated processing of > message content as a requirement? If a message is gpg encrypted, then > every sender would require the public keys of every recipient, would > they not? Which means that a PKI for the list holders is required. > Currently outside of Mailman's scope, but if it exists, then > presumably senders would be required to cryptographically sign every > message. All the list needs to do is verify the signature before > redistributing. THAT is going to be the main body processing requirement. That is one way, the other is you send the message encrypted to the list's public key, and the list decrypts the message and then reencrypts to each recipient's public key. (In many cases this doesn't actually require decrypting/reencrypting the whole message, just the session key block).
The list could also check any signature, and sign messages with valid signatures with it's key. That way, subscribers don't need any other subscriber's public key. In fact, I think the list could even be set up anonymous so you might not even know who anyone else was, just that the list has validated that the message came from someone on the list. -- Richard Damon _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
